feat: add role mappings for SAML configuration (#1210)

2023-08-11 19:07:39 +02:00
parent c7e1d30553
commit a6a124d2e6
8 changed files with 190 additions and 25 deletions
--- a/packages/backend/src/models/saml-auth-provider.ee.ts
+++ b/packages/backend/src/models/saml-auth-provider.ee.ts
@@ -3,6 +3,7 @@ import type { SamlConfig } from '@node-saml/passport-saml';
 import appConfig from '../config/app';
 import Base from './base';
 import Identity from './identity.ee';
+import SamlAuthProvidersRoleMapping from './saml-auth-providers-role-mapping.ee';

 class SamlAuthProvider extends Base {
  id!: string;
@@ -17,6 +18,7 @@ class SamlAuthProvider extends Base {
  roleAttributeName: string;
  defaultRoleId: string;
  active: boolean;
+  samlAuthProvidersRoleMappings?: SamlAuthProvidersRoleMapping[];

  static tableName = 'saml_auth_providers';

@@ -63,6 +65,14 @@ class SamlAuthProvider extends Base {
        to: 'saml_auth_providers.id',
      },
    },
+    samlAuthProvidersRoleMappings: {
+      relation: Base.HasManyRelation,
+      modelClass: SamlAuthProvidersRoleMapping,
+      join: {
+        from: 'saml_auth_providers.id',
+        to: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+      },
+    },
  });

  get config(): SamlConfig {
--- a/packages/backend/src/models/saml-auth-providers-role-mapping.ee.ts
+++ b/packages/backend/src/models/saml-auth-providers-role-mapping.ee.ts
@@ -0,0 +1,36 @@
+import Base from './base';
+import SamlAuthProvider from './saml-auth-provider.ee';
+
+class SamlAuthProvidersRoleMapping extends Base {
+  id!: string;
+  samlAuthProviderId: string;
+  roleId: string;
+  remoteRoleName: string;
+
+  static tableName = 'saml_auth_providers_role_mappings';
+
+  static jsonSchema = {
+    type: 'object',
+    required: ['samlAuthProviderId', 'roleId', 'remoteRoleName'],
+
+    properties: {
+      id: { type: 'string', format: 'uuid' },
+      samlAuthProviderId: { type: 'string', format: 'uuid' },
+      roleId: { type: 'string', format: 'uuid' },
+      remoteRoleName: { type: 'string', minLength: 1 },
+    },
+  };
+
+  static relationMappings = () => ({
+    samlAuthProvider: {
+      relation: Base.BelongsToOneRelation,
+      modelClass: SamlAuthProvider,
+      join: {
+        from: 'saml_auth_providers_role_mappings.saml_auth_provider_id',
+        to: 'saml_auth_providers.id',
+      },
+    },
+  });
+}
+
+export default SamlAuthProvidersRoleMapping;